From 8bfb37e9f0e808483cd9754c020292a9cb35e342 Mon Sep 17 00:00:00 2001 From: Maxim Dounin Date: Sun, 5 Feb 2012 19:15:09 +0000 Subject: Merge of r4401, r4415: SSL changes: *) Added support for TLSv1.1, TLSv1.2 in ssl_protocols directive. Support for TLSv1.1 and TLSv1.2 protocols was introduced in OpenSSL 1.0.1 (-beta1 was recently released). This change makes it possible to disable these protocols and/or enable them without other protocols. *) Removed ENGINE_load_builtin_engines() call. It's already called by OPENSSL_config(). Calling it again causes some openssl engines (notably GOST) to corrupt memory, as they don't expect to be created more than once. --- src/mail/ngx_mail_ssl_module.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'src/mail') diff --git a/src/mail/ngx_mail_ssl_module.c b/src/mail/ngx_mail_ssl_module.c index 4f4c9a20d..fa02409d2 100644 --- a/src/mail/ngx_mail_ssl_module.c +++ b/src/mail/ngx_mail_ssl_module.c @@ -37,6 +37,8 @@ static ngx_conf_bitmask_t ngx_mail_ssl_protocols[] = { { ngx_string("SSLv2"), NGX_SSL_SSLv2 }, { ngx_string("SSLv3"), NGX_SSL_SSLv3 }, { ngx_string("TLSv1"), NGX_SSL_TLSv1 }, + { ngx_string("TLSv1.1"), NGX_SSL_TLSv1_1 }, + { ngx_string("TLSv1.2"), NGX_SSL_TLSv1_2 }, { ngx_null_string, 0 } }; @@ -206,7 +208,8 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child) prev->prefer_server_ciphers, 0); ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols, - (NGX_CONF_BITMASK_SET|NGX_SSL_SSLv3|NGX_SSL_TLSv1)); + (NGX_CONF_BITMASK_SET|NGX_SSL_SSLv3|NGX_SSL_TLSv1 + |NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2)); ngx_conf_merge_str_value(conf->certificate, prev->certificate, ""); ngx_conf_merge_str_value(conf->certificate_key, prev->certificate_key, ""); -- cgit